1. Field of the Invention
The present invention relates to a storage system, and a control method of a storage system.
2. Description of the Related Art
A storage system is a device that provides data storage service to a host apparatus. A storage system is typically composed of a plurality of disk array devices comprised of hard disk drives or the like, and various disk controllers for controlling these disk array devices. The disk controllers comprise a processor for controlling the overall storage system, a host interface for connecting to the host apparatus, a disk interface for connecting to the disk array, and a cache memory for caching user data is further disposed between the interfaces of the foregoing components.
Since a storage system is generally used in mission critical businesses of banks, securities firms and the like, it is required of high reliability capable of preventing the loss of user data, and high availability capable of continuously providing the storage service to the host apparatus.
An error in a component configuring the storage system is something that may occur stochastically, and is therefore unavoidable. Thus, it is necessary to give sufficient consideration to fault tolerance from the perspective of system design.
“IBM System p5 570 Technical Overview and Introduction,” September 2006, Component 3.1.7 discloses dynamic deallocation technology of a processor referred to as a “CPU guard” regarding a server computer. With this deallocation technology, when a error occurs in any one of a plurality of processors, the system configuration is reconstructed (deallocated) so that operation is carried out without using the failed processor, and only using the remaining processors.
More specifically, when a hardware error is detected, a diagnosis program is activated based on the reboot processing of the system. When the error occurred in the CPU or the L3 cache, such hardware component is removed from the system configuration.
With the deallocation technology described above, while the failed component is being specified, there is a possibility that the other normal components such as the cache memory, the host interface or the disk interface will be subject to unauthorized access due to the malfunction of the failed component, and, as a result, data stored in the cache memory may be overwritten and lost, or the host interface or the disk interface may transfer erroneous data.